# Setup auth service at /auth/ and remove any Remote-* headers sent by client (for security)
header -Remote-*
@auth_api path /auth /auth/*
handle @auth_api {
    reverse_proxy {$AUTH_UPSTREAM::4401}
}